Files IEXPLORE.EXE, jodrive32.exe and aadrive32.exe have appeared
In the system32 folder, small files named **.exe keep appearing, where ** is a natural number
Some Internet Explorer processes are constantly running, although I use Chrome!
Dear [B]kovriginborya[/B], thank you for contacting our forum!
Virus removal is a completely free service at VirusInfo.Info. Helpers will answer your request as soon as possible.
If our site turns out to be useful to you and you have the opportunity, please [URL="http://virusinfo.info/donate/"]support the project[/URL].
[URL="http://virusinfo.info/pravila.html"][COLOR="blue"]Read carefully and follow exactly[/COLOR][/URL]
+ Make an [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"][COLOR="Blue"][B]MBAM[/B][/COLOR][/URL] log
logs below:
- [URL="http://virusinfo.info/showthread.php?t=7239"]Run the script in AVZ[/URL]
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\10.exe','');
QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe','');
QuarantineFile('C:\WINDOWS\xsdll.exe','');
QuarantineFile('C:\WINDOWS\system32\ac32.exe','');
QuarantineFile('C:\WINDOWS\aadrive32.exe','');
QuarantineFile('C:\WINDOWS\System32\70.exe','');
QuarantineFile('C:\WINDOWS\System32\67.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Hmtath.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Bktatb.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\5F2.tmp','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\1DBA.tmp','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\1D6E.tmp','');
QuarantineFile('C:\WINDOWS\jodrive32.exe','');
TerminateProcessByName('C:\WINDOWS\jodrive32.exe');
QuarantineFile('c:\windows\jodrive32.exe','');
TerminateProcessByName('c:\windows\jodrive32.exe');
QuarantineFile('c:\windows\aadrive32.exe','');
TerminateProcessByName('c:\windows\aadrive32.exe');
QuarantineFile('c:\windows\system32\67.exe','');
TerminateProcessByName('c:\windows\system32\67.exe');
DeleteFile('c:\windows\aadrive32.exe');
DeleteFile('c:\windows\jodrive32.exe');
DeleteFile('C:\WINDOWS\jodrive32.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\1D6E.tmp');
DeleteFile('C:\Documents and Settings\Admin\Application Data\1DBA.tmp');
DeleteFile('C:\Documents and Settings\Admin\Application Data\5F2.tmp');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Bktatb.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Hmtath.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Tnaww');
DeleteFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe');
DeleteFile('C:\WINDOWS\System32\67.exe');
DeleteFile('C:\WINDOWS\aadrive32.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Config Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Config Setup');
DeleteFile('C:\WINDOWS\system32\ac32.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ac32');
DeleteFile('C:\WINDOWS\xsdll.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','oo');
DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe');
DeleteFile('C:\WINDOWS\system32\10.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman ');
QuarantineFile('c:\sdm32.exe','');
DeleteFileMask('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5', '*.*', true);
DeleteFileMask('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5', '*.*', true);
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(11);
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.[/CODE]
After rebooting:
- run the following script
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
- Upload the file [B][COLOR="Red"]quarantine.zip[/COLOR][/B] from the AVZ folder via the link [B][COLOR="Red"]Send the requested quarantine[/COLOR][/B] at the top of the thread
- [URL="http://virusinfo.info/showpost.php?p=493584&postcount=2"]delete[/URL] in [B]MBAM[/B] whatever remains of the following
[CODE]
Infected processes in memory:
c:\WINDOWS\system32\67.exe (Malware.Gen) -> 1496 -> No action taken.
c:\WINDOWS\aadrive32.exe (Trojan.Agent.Gen) -> 2668 -> No action taken.
c:\WINDOWS\jodrive32.exe (Worm.Palevo) -> 188 -> No action taken.
Infected registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Trojan.Agent.Gen) -> Value: Microsoft Driver Setup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Trojan.Agent.Gen) -> Value: Microsoft Driver Setup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Config Setup (Worm.Palevo) -> Value: Microsoft Config Setup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Config Setup (Worm.Palevo) -> Value: Microsoft Config Setup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\name_me (Trojan.Downloader) -> Value: name_me -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eeexixx (Trojan.Downloader) -> Value: eeexixx -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aexi (Trojan.Downloader) -> Value: aexi -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bktatb (Trojan.Agent.Gen) -> Value: Bktatb -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tnaww (Trojan.Agent.Gen) -> Value: Tnaww -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hmtath (Spyware.BlackShadesNET) -> Value: Hmtath -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12CFG214-K641-12SF-N85P (Trojan.Agent.Gen) -> Value: 12CFG214-K641-12SF-N85P -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.AutoRun) -> Value: Shell -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac32 (Trojan.Agent) -> Value: ac32 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oo (Trojan.Downloader) -> Value: oo -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window DLL Service (Backdoor.Agent) -> Value: Window DLL Service -> No action taken.
Infected registry data items:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Gen) -> Bad: (C:\WINDOWS\System32\67.exe) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent.Gen) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe) Good: () -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe) Good: (Explorer.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\67.exe -init) Good: (userinit.exe) -> No action taken.
Infected folders:
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\local settings\Temp\E_4 (Worm.AutoRun) -> No action taken.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413 (Worm.AutoRun) -> No action taken.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> No action taken.
Infected files:
c:\WINDOWS\system32\67.exe (Malware.Gen) -> No action taken.
c:\WINDOWS\aadrive32.exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\jodrive32.exe (Worm.Palevo) -> No action taken.
c:\documents and settings\Admin\application data\1DBA.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\1D6E.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\5F2.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\admin\application data\bktatb.exe (Trojan.Agent.Gen) -> No action taken.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\admin\application data\hmtath.exe (Spyware.BlackShadesNET) -> No action taken.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Trojan.Agent.Gen) -> No action taken.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe (Trojan.Agent.Gen) -> No action taken.
c:\sdm32.exe (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\cadqj.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\cdqj.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\ddqj.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\zddqj.exe (Worm.Autorun) -> No action taken.
c:\documents and settings\Admin\application data\10.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\103.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\106.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\109.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\10A.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\10C.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\10E.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\110.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\111.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\113.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\118.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\119.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\11C.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\11D.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\124.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\13.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\131.tmp (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\application data\13A.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\13C.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\14.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\14B.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\visdrive.exe (Malware.Gen) -> No action taken.
c:\documents and settings\Admin\application data\C.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\C1.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\C3.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\C9.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\CD.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\CE.tmp (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\application data\D.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\D6.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\D8.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\DD.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\E.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\E2.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\E5.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\EB.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\F.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\F8.tmp (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\application data\FB.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\FD.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\FF.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\23.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\233C.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\241.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\244.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\246.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\25.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\251.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\253.tmp (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\application data\255.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\257.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\29.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\294.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\296.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\2B.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\2DA5.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\2DEF.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\2DF5.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\2F.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\3.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\310.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\316.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\31A.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\32.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\34.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\36.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\3C.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\3C4.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\4.tmp (Worm.Palevo) -> No action taken.
c:\documents and settings\Admin\application data\40.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\42.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\43.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\44.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\45.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\46.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\47.tmp (Worm.Palevo) -> No action taken.
c:\documents and settings\Admin\application data\48.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\49.tmp (Worm.Palevo.H) -> No action taken.
c:\documents and settings\Admin\application data\15.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\5B.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\7.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\8D.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\4BC.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\4BE.tmp (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\application data\4C0.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\4C2.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\4D.tmp (Worm.Palevo.H) -> No action taken.
c:\documents and settings\Admin\application data\4E.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\4F.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\50.tmp (Worm.Palevo.H) -> No action taken.
c:\documents and settings\Admin\application data\51.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\52.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\53.tmp (Worm.Palevo.H) -> No action taken.
c:\documents and settings\Admin\application data\54.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\55.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\56.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\57.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\58.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\59.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\5A.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\70.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\71.tmp (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\application data\72.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\73.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\74.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\76.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\77.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\78.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\79.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\7A.tmp (Worm.Autorun) -> No action taken.
c:\documents and settings\Admin\application data\7B.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\7C.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\7D.tmp (Worm.Palevo.H) -> No action taken.
c:\documents and settings\Admin\application data\7E.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\7F.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\8.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\80.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\81.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\82.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\83.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\84.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\85.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\86.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\87.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\88.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\89.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\8A.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\8A7.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\8B.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\8C.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\8E.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\8F.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\9.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\90.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\91.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\92.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\98.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\9D.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\A.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\A2.tmp (Worm.Palevo.H) -> No action taken.
c:\documents and settings\Admin\application data\A6.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\AB.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\B.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\B6.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\BA.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\160.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\17.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\18.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\1A.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\1A1.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\1B0.tmp (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\application data\1C.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\1D.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\1D6B.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\Admin\application data\1D80.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\1E.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\1F.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\20.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\5C.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\5D.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\5D3.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\5E.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\5EE.tmp (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\application data\5F.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\6.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Admin\application data\60.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\61.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\62.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\63.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\64.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\65.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\66.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\67.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\68.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\69.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\6A.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\6B.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\6C.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\6D.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\6E.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\application data\6F.tmp (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\doctorweb\quarantine\bsysmgr.exe (Worm.Palevo.XGen) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\63KSTJGM\752825289[1].gif (Worm.Palevo.XGen) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\63KSTJGM\wffwwng[1].exe (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\63KSTJGM\wffwwng[2].exe (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\8F8PONQM\3800fe[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\8F8PONQM\200few[1].exe (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\8F8PONQM\200few[2].exe (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\RMWCP679\3800fe[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\RMWCP679\brsuli[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\RMWCP679\haydar[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\YEO8V4RB\ngioz[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\YEO8V4RB\200fuwk[1].exe (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\YEO8V4RB\200xmmmx[1].exe (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\YEO8V4RB\haydar[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\YEO8V4RB\brsuli[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\7FZYJRSY\c[1].exe (Spyware.BlackShadesNET) -> No action taken.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\7FZYJRSY\z[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\ITH1BGXZ\z[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\XYSY5VKR\z[1].exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\system32\10.exe (Spyware.BlackShadesNET) -> No action taken.
c:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> No action taken.
c:\WINDOWS\system32\wchrv.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\system32\wmasrv.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\system32\dp1.fne (Worm.Autorun) -> No action taken.
c:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> No action taken.
c:\WINDOWS\system32\internet.fne (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\krnln.fnr (Worm.Autorun) -> No action taken.
c:\WINDOWS\system32\com.run (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\ac.blabla (Worm.Autorun) -> No action taken.
c:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> No action taken.
c:\WINDOWS\system32\26.exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\system32\52.exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\system32\62.exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\system32\86.exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\system32\og.dll (Worm.AutoRun) -> No action taken.
c:\WINDOWS\system32\og.edt (Worm.AutoRun) -> No action taken.
c:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> No action taken.
c:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> No action taken.
c:\WINDOWS\logfile32.txt (Malware.Trace) -> No action taken.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> No action taken.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini (Worm.AutoRun) -> No action taken.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> No action taken.
[/CODE]
Update the system
- Update SP2 to [URL="http://www.microsoft.com/Downloads/details.aspx?displaylang=ru&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4"]Service Pack 3[/URL] (activation may be required)
[B]*[/B] Before installing the Service Pack, unload the antivirus, the firewall and resident applications such as TeaTimer (Spybot Search and Destroy), etc.
[B]*[/B] Microsoft has ended support and security updates for Windows XP without SP3 installed, see [URL="http://windows.microsoft.com/ru-ru/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs?os=xp"]here[/URL]
- Install [URL="http://www.microsoft.com/rus/windows/internet-explorer/default.aspx"]Internet Explorer 8[/URL] (even if you do not use it)
- Install all the latest Windows updates - [URL="http://www.update.microsoft.com"]here[/URL]
After updating:
- Make new logs according to the [URL="http://virusinfo.info/pravila.html"]rules[/URL], items 2 and 3 of the Diagnostics section ([COLOR="Blue"]virusinfo_syscheck.zip; hijackthis.log[/COLOR])
- Make an [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"][COLOR="Blue"][B]MBAM[/B][/COLOR][/URL] log
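The MBAM report above is long, but almost all of the persistence in it falls into four patterns that the AVZ script targets: autostart values under the Run keys (including Policies\Explorer\Run), Winlogon Userinit/Shell/Taskman values that launch a second program beside the real one, numeric-named executables in system32 (the "**.exe" the poster noticed), and droppers hidden under C:\RECYCLER in folders whose names imitate account SIDs. The following Python script is an added example, not code from this thread, from Malwarebytes or from AVZ: it parses report lines of the shape shown above and pulls those four patterns out. The sample input is a constructed subset of lines copied from the log; the function names, the `Finding` class and the heuristics are the example's own.

```python
"""Triage of MBAM report lines for the persistence seen in this thread.

Added example: this is not code from the thread, from Malwarebytes or from AVZ.
The sample input below is a constructed subset of lines copied from the log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Trojan.Agent.Gen) -> Value: Microsoft Driver Setup -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hmtath (Spyware.BlackShadesNET) -> Value: Hmtath -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\67.exe -init) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent.Gen) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe) Good: () -> No action taken.
c:\WINDOWS\system32\67.exe (Malware.Gen) -> 1496 -> No action taken.
c:\WINDOWS\system32\10.exe (Spyware.BlackShadesNET) -> No action taken.
c:\WINDOWS\system32\wmasrv.exe (Trojan.Dropper) -> No action taken.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Trojan.Agent.Gen) -> No action taken.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe (Trojan.Agent.Gen) -> No action taken.
"""

RE_BAD_GOOD = re.compile(r"^Bad: \((.*)\) Good: \((.*)\)$")
# The poster's "**.exe where ** is a natural number" in system32.
RE_NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.I)
# A local/domain account SID as Windows writes it: S-1-5-21-<3 sub-authorities>-<RID>,
# decimal digits only, never a leading zero and never an "R-" prefix.
RE_SID_DIR = re.compile(r"^S-1-5-21(?:-(?:0|[1-9]\d*)){4}$", re.I)
# Defaults on a clean install: one program each for Userinit and Shell, no Taskman value.
WINLOGON_DEFAULTS = {
    "userinit": re.compile(r"^(?:[a-z]:\\[^\\]+\\system32\\)?userinit\.exe$", re.I),
    "shell": re.compile(r"^explorer\.exe$", re.I),
}


@dataclass
class Finding:
    kind: str       # "run-key", "winlogon" or "file"
    location: str   # registry key\value or file path as reported
    detail: str


def parse_line(line: str):
    """Split one MBAM result line into (item, detection, middle fields); None for headers."""
    parts = [p.strip() for p in line.split(" -> ")]
    if len(parts) < 2 or " (" not in parts[0]:
        return None
    item, _, detection = parts[0].rpartition(" (")
    return item, detection.rstrip(")"), parts[1:-1]


def check_winlogon(name: str, data: Optional[str]) -> Optional[str]:
    """Reason a Winlogon value is suspicious, or None if it matches the default."""
    key = name.strip().lower()
    if key == "taskman":
        return "Taskman is absent on a clean system; here it runs: %s" % (data or "<unknown>")
    default = WINLOGON_DEFAULTS.get(key)
    if default is None or data is None:
        return None
    # Userinit and Shell are comma-separated lists; every entry beyond the default is a hijack.
    entries = [e.strip() for e in data.split(",") if e.strip()]
    if not entries:
        return "%s is empty" % name
    extras = [e for e in entries if not default.match(e)]
    if extras:
        return "%s also runs: %s" % (name, "; ".join(extras))
    return None


def check_path(path: str) -> List[str]:
    """File-system heuristics for the indicators in this thread."""
    parts = path.split("\\")
    reasons = []
    if len(parts) > 1 and parts[-2].lower() == "system32" and RE_NUMERIC_EXE.match(parts[-1]):
        reasons.append("numeric file name in system32")
    lowered = [p.lower() for p in parts]
    if "recycler" in lowered:
        i = lowered.index("recycler")
        if i + 1 < len(parts) and not RE_SID_DIR.match(parts[i + 1]):
            reasons.append("RECYCLER subfolder %r is not a well-formed account SID" % parts[i + 1])
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk an MBAM report and return the persistence-relevant findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        item, detection, fields = parsed
        if item.upper().startswith("HKEY_"):
            key, _, name = item.rpartition("\\")
            data = None
            if fields:
                m = RE_BAD_GOOD.match(fields[0])
                if m:
                    data = m.group(1)
            if key.lower().endswith("\\winlogon"):
                reason = check_winlogon(name, data)
                if reason:
                    findings.append(Finding("winlogon", item, reason))
            elif key.lower().endswith("\\run"):
                findings.append(Finding("run-key", item, "autostart entry (%s)" % detection))
        else:
            for reason in check_path(item):
                findings.append(Finding("file", item, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%-8s] %s\n           %s" % (f.kind, f.location, f.detail))
```

Two caveats on reading the output. A RECYCLER folder whose name passes the shape check still has to be matched against the SIDs of the accounts that actually exist on that machine; the check only catches names Windows itself would never write, such as the "R-" prefix and the leading zeros in the folders above. For the Run keys, the value name carries no information at all (here the malware chose "Microsoft Driver Setup" and "Microsoft Config Setup"), so the path the value points to is what has to be verified, and, as the Shell entry under HKEY_CURRENT_USER shows, the per-user Winlogon key must be inspected alongside the machine-wide one.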
- [URL="http://virusinfo.info/showthread.php?t=7239"]Run the script in AVZ[/URL]
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
DeleteFile('C:\Documents and Settings\NetworkService\Application Data\Hmtath.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Hmtath');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Hmtath');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/CODE]
After rebooting:
- Make a new [COLOR="Blue"]virusinfo_syscheck.zip[/COLOR] log;
Do this:
[QUOTE=polword;800479]
Update the system
- Update SP2 to [URL="http://www.microsoft.com/Downloads/details.aspx?displaylang=ru&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4"]Service Pack 3[/URL] (activation may be required)
[B]*[/B] Before installing the Service Pack, unload the antivirus, the firewall and resident applications such as TeaTimer (Spybot Search and Destroy), etc.
[B]*[/B] Microsoft has ended support and security updates for Windows XP without SP3 installed, see [URL="http://windows.microsoft.com/ru-ru/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs?os=xp"]here[/URL]
- Install [URL="http://www.microsoft.com/rus/windows/internet-explorer/default.aspx"]Internet Explorer 8[/URL] (even if you do not use it)
- Install all the latest Windows updates - [URL="http://www.update.microsoft.com"]here[/URL]
[/QUOTE]
After updating:
- Make new logs according to the [URL="http://virusinfo.info/pravila.html"]rules[/URL], items 2 and 3 of the Diagnostics section ([COLOR=Blue]virusinfo_syscheck.zip; hijackthis.log[/COLOR])
- Make an [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"][COLOR=Blue][B]MBAM[/B][/COLOR][/URL] log